Re: OpenSMTPD + Dovecot + Dkimsign configuration?

2022-04-11 Thread Michael Hekeler
On 11.04.22 15:05, latin...@vcn.bc.ca wrote:
> > On 07.04.22 21:04, latin...@vcn.bc.ca wrote:
> >> Hello
> >>
> >> I have had 1 Personal server for years with httpd and OpenSMTPD mail
> >> server working correctly; thanks OpenBSD Team.
> >>
> >> But now I have another server for 500 Colleagues with OSMTPD + Dovecot +
> >> Dkimsign working well; but I ask, if it were possible to use only OSMTPD
> >> with virtual users + Dkimsign?
> >>
> >> Please tell me what I might read.
> >
> > I don't know exactly what you want to do.
> > I think you ask if you can replace dovecot with smtpd
> >
> > The answer is: smtpd is MTA (=Mail Transport Agent)
> > while dovecot is MDA (=Mail Delivery Agent), dovecot-lda
> >
> > Also:
> > If you want your users accessing your mailserver via IMAP then you need
> > an imap server and that's what dovecot is.
> >
> > They have different purposes but if you don't need any of dovecot's
> > functions here then you can remove it. It's not required to send and
> > receive emails.
> >
> 
> Thanks for answering:
> 
> Yes, I understand the difference between MTA and MDA. But I remember
> Sendmail, at that moment it was as base system; receiving similar
> attention as the rest of the system.
> 
> Dovecot is not cover, it is not part of the base system; and I personally
> have had really bad experience with software that is not considered as
> part of the base system. As result, I use only base system! If it is
> possible.
> 
> In this case, I supposed that using a virtual-users file could work.
> 
> Thanks for your time Michael Hekeler
> 

Your 500 users need a way to read their emails.

If these 500 users are real users on the system (-> useradd(8)) then
they are able to read directly from filesystem and smtpd is enough.

But if they are virtual users only on the mailserver then you need a
pop or imap server in addition to your smtpd server.
AFAIK this kind of software is not in base. But if you don't like
dovecot you can use any of the alternatives.



IKEV2 two devices can connect but only one can make traffic

2022-04-11 Thread Ettore Tagarelli
If I use the "dynamic" keyword I get this error: "no IP address found for
dynamic" though "config address 192.168.98.1/24" is there.
Using 0.0.0.0/32 instead of 0.0.0.0/0 causes that traffic is not routed
('cause /32 restricts the only address possible to 0.0.0.0) though
connection happens correctly.


Re: IKEV2 two devices can connect but only one can make traffic

2022-04-11 Thread Tobias Heider
On Mon, Apr 11, 2022 at 11:13:45PM +0200, Ettore Tagarelli wrote:
> this is my iked.conf
> as far as I know the "somename" Stuart wrote about is automatically added
> by iked.

I don't exactly remember how it worked back in 6.6 either but you
could try 0.0.0.0/32 instead of 0.0.0.0/0.
In any case I would also advise to update to a newer version.

> 
> 
> user "cash" "password1"
> user "phosh" "password2"
> 
> ikev2 passive esp \
>     from 0.0.0.0/0 to 192.168.98.1/24 \
>     local 192.168.99.3 peer any \
>     eap "mschap-v2" \
>     config address 192.168.98.1/24 \
>     tag "$eapid"
> 
> Last device connected works, the other stops working.
> I suppose my problem could be related to NAT. At the moment I couldn't try to
> connect the devices from different networks,
> Hope that someone could help
> thanks



Re: OpenSMTPD + Dovecot + Dkimsign configuration?

2022-04-11 Thread latincom
> On 07.04.22 21:04, latin...@vcn.bc.ca wrote:
>> Hello
>>
>> I have had 1 Personal server for years with httpd and OpenSMTPD mail
>> server working correctly; thanks OpenBSD Team.
>>
>> But now I have another server for 500 Colleagues with OSMTPD + Dovecot +
>> Dkimsign working well; but I ask, if it were possible to use only OSMTPD
>> with virtual users + Dkimsign?
>>
>> Please tell me what I might read.
>
> I don't know exactly what you want to do.
> I think you ask if you can replace dovecot with smtpd
>
> The answer is: smtpd is MTA (=Mail Transport Agent)
> while dovecot is MDA (=Mail Delivery Agent), dovecot-lda
>
> Also:
> If you want your users accessing your mailserver via IMAP then you need
> an imap server and that's what dovecot is.
>
> They have different purposes but if you don't need any of dovecot's
> functions here then you can remove it. It's not required to send and
> receive emails.
>

Thanks for answering:

Yes, I understand the difference between MTA and MDA. But I remember
Sendmail, at that moment it was as base system; receiving similar
attention as the rest of the system.

Dovecot is not cover, it is not part of the base system; and I personally
have had really bad experience with software that is not considered as
part of the base system. As result, I use only base system! If it is
possible.

In this case, I supposed that using a virtual-users file could work.

Thanks for your time Michael Hekeler



Re: IKEV2 two devices can connect but only one can make traffic

2022-04-11 Thread Ettore Tagarelli
this is my iked.conf
as far as I know the "somename" Stuart wrote about is automatically added
by iked.


user "cash" "password1"
user "phosh" "password2"

ikev2 passive esp \
    from 0.0.0.0/0 to 192.168.98.1/24 \
    local 192.168.99.3 peer any \
    eap "mschap-v2" \
    config address 192.168.98.1/24 \
    tag "$eapid"

Last device connected works, the other stops working.
I suppose my problem could be related to NAT. At the moment I couldn't try to
connect the devices from different networks,
Hope that someone could help
thanks


Re: IKEV2 two devices can connect but only one can make traffic

2022-04-11 Thread Stuart Henderson
On 2022-04-11, Ettore Tagarelli  wrote:
> Hello,
> I've an OpenBSD 6.6 machine with IKEV2. I always used it with only one
> client connected and it always worked. Trying to connect with two clients
> (behind the same NAT) I found out that the connection seems established but
> only one client works.
> Can anybody help me? Thanks 😊

This usually means the config is not quite right.

On the currently supported versions of OpenBSD you would probably want
to use "ike (somename) passive esp from any to dynamic" in the iked.conf
section. It worked with older versions (like 6.6) too but I can't remember
what was needed in config. Also there have been *many* improvements to
iked since then, so you should upgrade.

It would also help to show the configuration.


-- 
Please keep replies on the mailing list.



Re: OpenSMTPD + Dovecot + Dkimsign configuration?

2022-04-11 Thread Michael Hekeler
On 07.04.22 21:04, latin...@vcn.bc.ca wrote:
> Hello
> 
> I have had 1 Personal server for years with httpd and OpenSMTPD mail
> server working correctly; thanks OpenBSD Team.
> 
> But now I have another server for 500 Colleagues with OSMTPD + Dovecot +
> Dkimsign working well; but I ask, if it were possible to use only OSMTPD
> with virtual users + Dkimsign?
> 
> Please tell me what I might read.

I don't know exactly what you want to do.
I think you ask if you can replace dovecot with smtpd

The answer is: smtpd is MTA (=Mail Transport Agent)
while dovecot is MDA (=Mail Delivery Agent), dovecot-lda

Also:
If you want your users accessing your mailserver via IMAP then you need
an imap server and that's what dovecot is.

They have different purposes but if you don't need any of dovecot's
functions here then you can remove it. It's not required to send and
receive emails.



Re: tcpdump rotating issue with newsyslog

2022-04-11 Thread Jan Stary
On Apr 10 19:09:05, yogi9...@gmail.com wrote:
> Good Evening Community,
> I am running the following command in the OpenBSD 6.2.

You want to upgrade.

> "tcpdump -Nneqt -w tcpdump.pcap -i vic0 &"
> and using the following newsyslog.conf entry for rotating the tcpdump.pcap
> # logfile_name            owner:group mode count size when flags
> /home/logs/tcpdump.pcap               644  5     10   *    z
> So when newsyslog checks and  >=10KB size hits, the tcpdump.pcap file
> will be rotated and tcpdump.pcap.0.gz will be created.
> But after this, the size of the file is not increasing.
> run the following command to check the file
> 
> # tcpdump -r tcpdump.pcap
> tcpdump: bad dump file format
> and the above tcpdump command is still running in the background.

I do this with running a pflogd instance; unlike tcpdump,
pflogd is well suited to have its logs rotated and behave accordingly.

For example,

$ grep sip /etc/rc.local
/sbin/pflogd -s 65000 -i pflog1 -f /var/log/siplog

$ grep sip /etc/newsyslog.conf
/var/log/siplog 600 3650 * @T00 ZB "pkill -HUP -u root -U root -t - -x pflogd"

after pflog1 has been set up to capture certain traffic, as in

pass log (all, to pflog1) on $phones


Jan


> So the question is the tcpdump have any issue with rotating the files with
> newsyslog?
> Or am I missing something?
> Can you please suggest a solution for this?
> 
> 
> 
> Thanks and Regards
> Yogendra Kumar
> National Institute of Technology,
> Karnataka
> 
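
The failure reported in this thread, reproduced as an added example (not part of any poster's message): newsyslog renames the file and, without the B flag, writes an ASCII "logfile turned over" line into the new one, while the writer keeps its old descriptor. File names follow the thread; the filler bytes, the log line and the helper names `magic_of` and `rotate_demo` are constructed for illustration.

```shell
#!/bin/sh
# Constructed demo: no real capture and no real newsyslog run is involved.

# magic_of FILE: print the first four bytes of FILE as hex.
magic_of() {
    od -An -tx1 -N4 "$1" | tr -d ' \n'
}

# rotate_demo DIR: simulate the rotation inside DIR and print
# "<magic of new tcpdump.pcap> <magic of tcpdump.pcap.0> <bytes in tcpdump.pcap.0>".
rotate_demo() {
    dir=$1
    log=$dir/tcpdump.pcap

    # The writer (tcpdump -w) opens the path once and starts with the
    # 24-byte pcap global header; its magic is a1b2c3d4, little-endian here.
    exec 3>"$log"
    printf '\324\303\262\241' >&3
    printf '%020d' 0 >&3        # 20 filler bytes standing in for the rest

    # What newsyslog does for an entry without the B flag:
    # rename the log, recreate it, and insert an ASCII notice.
    mv "$log" "$log.0"
    echo "Apr 11 00:00:00 host newsyslog[1234]: logfile turned over" >"$log"

    # The writer was never told to reopen the path, so its descriptor
    # still refers to the renamed file and the data lands there.
    printf 'PACKETDATA' >&3
    exec 3>&-

    echo "$(magic_of "$log") $(magic_of "$log.0") $(wc -c <"$log.0" | tr -d ' ')"
}

# Usage: rotate_demo "$(mktemp -d)"
# The new tcpdump.pcap starts with "Apr " (41707220), not the pcap magic,
# which is what a reader rejects as a bad dump file; the capture itself
# keeps growing in tcpdump.pcap.0.
```

The pflogd entry quoted above addresses both effects: the B flag suppresses the ASCII notice, and the HUP command makes pflogd close and reopen its log file.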



Re: OpenBGPd: fatal in RDE: aspath_get: Cannot allocate memory

2022-04-11 Thread Laurent CARON

On 04/04/2022 at 15:43, Claudio Jeker wrote:

> You should really use as-set for this:
>
> as-set ru-set { 2148 2585 2587 ... }
>
> And also not match any (at least I think you don't really want that to
> match on ibgp sessions):
>
> match from ebgp AS as-set ru-set set { localpref 250 nexthop blackhole }
>
> If done right you can replace all your rules by one single one.



Hi Claudio,

I followed your advice and everything is stable now. No need to increase 
memory limits.


Thanks for the hint.

Laurent



IKEV2 two devices can connect but only one can make traffic

2022-04-11 Thread Ettore Tagarelli
Hello,
I've an OpenBSD 6.6 machine with IKEV2. I always used it with only one
client connected and it always worked. Trying to connect with two clients
(behind the same NAT) I found out that the connection seems established but
only one client works.
Can anybody help me? Thanks 😊


Re: No longer able to mount NFS shares

2022-04-11 Thread Alexander Hall
Is reverse DNS properly working at all sides?

On April 7, 2022 1:17:00 AM GMT+02:00, Aric Gregson  wrote:
>Hello,
>
>I have several NFS mount points shared on my local network from a
>FreeNAS server running version 11.1-U7. My OBSD client computer is
>running 7.0 GENERIC#224 amd64. 
>
>For the past year or so it has been very slow to connect to the NFS
>server, so slow in fact that I use the '-b' option to fork to the
>background and stopped trying to mount at boot. About six months ago I
>moved our home network to an Ubiquiti set-up. Since then my OBSD client
>is even slower to connect. I have Macs running different levels of Mac
>OS that, while now take up to 15s to connect, all do connect. Also, a
>Raspberry Pi 4 server can connect quickly to the same shares. 
>
>Once connected, writes are fast and I do not lose connection. 
>
>For the last 48h I have not been able to connect from the OBSD client
>at all. I have restarted the server to no effect. All other clients on
>the network can connect to the NFS shares. 
>
>Example of what happens with the command:
>
>doas mount_nfs -T -i -b 192.168.1.21:mnt/XFree/backups/share /share
>
>mount_nfs: bad MNT RPC: RPC: Timed out
>
>Any suggestions would be greatly appreciated. 
>
>Thanks, Aric
>
>